UBUNTU-CVE-2023-27599

OpenSIPS is a Session Initiation Protocol SIP server implementation. Prior to versions 3.1.7 and 3.2.4, when the function appendhf handles a SIP message with a malformed To header, a call to the function abort is performed, resulting in a crash. This is due to the following check in datalump.c:39...

SUSE CVE-2004-1285

Buffer overflow in the getheader function in asfmmststreaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream...

SUSE CVE-2007-1584

Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string...

SUSE CVE-2011-1398

The sapiheaderop function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences aka carriage return characters, which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...

SUSE CVE-2012-4388

The sapiheaderop function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences aka carriage return characters, which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improp...

PT-2023-11829 · Kong · Kong Lua-Multipart

Name of the Vulnerable Software and Affected Versions: Kong lua-multipart version 0.5.8-1 Description: A vulnerability was found in the function is header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Recommendations: For Kong lua-multipart...

PT-2022-10222 · Htmldoc +1 · Htmldoc +1

Name of the Vulnerable Software and Affected Versions: htmldoc versions prior to 1.9.12 Description: A buffer overflow issue exists in the write header function in htmldoc, allowing attackers to cause a denial of service. The issue is related to the /htmldoc/htmldoc/html.cxx file at line 273...

Denial Of Service (DoS)

php is vulnerable to denial of service. A one byte memory read always occurs before the beginning of a buffer. This could be triggered, for example, by any use of the header function in a script. However it is unlikely that this would have any effect...

Newsletter Manager < 1.5 - Unauthenticated Open Redirect

The plugin used base64 encoded user input in the appurl parameter without validation, to redirect users using the header PHP function, leading to an open redirect issue PoC In the file '/newsletter-manager/confirmation.php': 33: $xyzemurl = base64decode$GET'appurl'; ... 179:...

VCFtools header::add_FORMAT_descriptor function denial of service vulnerability

VCFtools is a package for working with VCF files. A denial of service vulnerability exists in the header::addFORMATdescriptor function in header.cpp in VCFtools 0.1.15. A remote attacker can exploit this vulnerability via a specially crafted vcf file to cause a denial of service reuse after relea...

VCFtools header::add_INFO_descriptor function denial of service vulnerability

VCFtools is a package for working with VCF files. A denial of service vulnerability exists in the header::addINFOdescriptor function in header.cpp in VCFtools 0.1.15. A remote attacker can exploit this vulnerability via a specially crafted vcf file to cause a denial of service reuse after release...

DEBIAN-CVE-2018-11099

The header::addINFOdescriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure heap-based buffer over-read via a crafted vcf file...

UBUNTU-CVE-2018-11130

The header::addFORMATdescriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted vcf file...

UBUNTU-CVE-2018-10114

An issue was discovered in GEGL through 0.3.32. The geglbufferiteratereadsimple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service write access violation or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions ...

Exiv2 'readHeader' Function Denial of Service Vulnerability

Exiv2 is a set of C++ libraries and command line applications for managing image metadata by software developer Andreas Huggel, which provides fast and easy reading and writing of image metadata in a variety of EXIF, IPTC and XMP formats. A security vulnerability exists in the 'readHeader' functi...

FFmpeg Buffer Out-of-Bounds Read Vulnerability

FFmpeg is a set of open source computer programs that can be used to record, convert digital audio and video to streams under the LGPL or GPL license. A buffer out-of-bounds read vulnerability exists in the readheader function in libavcodec/ffv1dec.c in 3.3.4 and earlier versions of Ffmpeg. An...

Out-of-bounds

The readheader function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read...

FFmpeg 'ivr_read_header()' function denial of service vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'ivrreadheader' function in the libavformat/rmdec.c file in FFmpeg version 3.3.3, which stems from the program's failure to adequately detect EOF End ...

php: HTTP response splitting in header() function

The header PHP function allowed header stings containing line break followed by a space or tab, as allowed by RFC 2616. Certain browsers handled the continuation line as new header, making it possible to conduct a HTTP response splitting attack against such browsers. The header function was updat...

PHP < 5.4.38, 5.5.x < 5.5.22, 5.6.x < 5.6.6 XSS Vulnerability (Aug 2016) - Windows

PHP is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if descriptio...